From 98238aa8736022ec08205e66a4e92f690ddcc711 Mon Sep 17 00:00:00 2001
From: Alexandre Julliard
Date: Wed, 16 Oct 2019 16:29:04 +0200
Subject: [PATCH] ntdll: Disallow changing DEP flags on 64-bit.
Signed-off-by: Alexandre Julliard
---
 dlls/ntdll/process.c | 6 ++++--
 dlls/ntdll/tests/exception.c | 19 ++++++++++++++++++-
 2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/dlls/ntdll/process.c b/dlls/ntdll/process.c
index 02ae4404fdb..c7e2cdb1b7d 100644
--- a/dlls/ntdll/process.c
+++ b/dlls/ntdll/process.c
@@ -57,7 +57,9 @@
 WINE_DEFAULT_DEBUG_CHANNEL(process);
-static ULONG execute_flags = MEM_EXECUTE_OPTION_DISABLE;
+static ULONG execute_flags = MEM_EXECUTE_OPTION_DISABLE | (sizeof(void *) > sizeof(int) ?
+ MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION |
+ MEM_EXECUTE_OPTION_PERMANENT : 0);
 static const BOOL is_win64 = (sizeof(void *) > sizeof(int));
@@ -679,7 +681,7 @@ NTSTATUS WINAPI NtSetInformationProcess(
 break;
 case ProcessExecuteFlags:
- if (ProcessInformationLength != sizeof(ULONG))
+ if (is_win64 || ProcessInformationLength != sizeof(ULONG))
 return STATUS_INVALID_PARAMETER;
 else if (execute_flags & MEM_EXECUTE_OPTION_PERMANENT)
 return STATUS_ACCESS_DENIED;
diff --git a/dlls/ntdll/tests/exception.c b/dlls/ntdll/tests/exception.c
index 0a9dae138c0..fb58c0ee7a8 100644
--- a/dlls/ntdll/tests/exception.c
+++ b/dlls/ntdll/tests/exception.c
@@ -170,6 +170,7 @@ static char** my_argv;
 #define ProcessExecuteFlags 0x22
 #define MEM_EXECUTE_OPTION_DISABLE 0x01
 #define MEM_EXECUTE_OPTION_ENABLE 0x02
+#define MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION 0x04
 #define MEM_EXECUTE_OPTION_PERMANENT 0x08
 #endif
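Review bot: The pointer-width test `sizeof(void *) > sizeof(int)` is now written out twice in dlls/ntdll/process.c, once inside the `execute_flags` initializer and again just below it for `is_win64`, so the two definitions of "64-bit" can drift apart. A static initializer cannot read `is_win64`, so a shared macro for the expression (or an `#ifdef _WIN64` around the initializer, if that fits the file's conventions) would keep a single source of truth. The initializer would also benefit from a comment stating the intent, for example `/* 64-bit processes start with DEP enabled and marked permanent */`.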
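Review bot: In the `ProcessExecuteFlags` case of NtSetInformationProcess, putting `is_win64` into the length test means a 64-bit caller gets STATUS_INVALID_PARAMETER before the `MEM_EXECUTE_OPTION_PERMANENT` branch is ever evaluated. On 64-bit the permanent bit set in the initializer therefore never produces STATUS_ACCESS_DENIED here, and presumably only affects what a query reports. The new test expects STATUS_INVALID_PARAMETER, so the ordering looks intended, but nothing in the code says so and a later reordering would silently change the status. A comment above the `if`, such as `/* DEP settings cannot be changed in a 64-bit process, whatever flags are requested */`, would record it. The remainder of the case lies outside the hunk.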
@@ -2575,9 +2576,25 @@ static void test_dpe_exceptions(void)
 {
 static const BYTE ret[] = {0xc3};
 DWORD (CDECL *func)(void) = code_mem;
- DWORD old_prot;
+ DWORD old_prot, val = 0, len = 0xdeadbeef;
+ NTSTATUS status;
 void *handler;
+ status = pNtQueryInformationProcess( GetCurrentProcess(), ProcessExecuteFlags, &val, sizeof val, &len );
+ ok( status == STATUS_SUCCESS || status == STATUS_INVALID_PARAMETER, "got status %08x\n", status );
+ if (!status)
+ {
+ ok( len == sizeof(val), "wrong len %u\n", len );
+ ok( val == (MEM_EXECUTE_OPTION_DISABLE | MEM_EXECUTE_OPTION_PERMANENT |
+ MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION),
+ "wrong val %08x\n", val );
+ }
+ else ok( len == 0xdeadbeef, "wrong len %u\n", len );
+
+ val = MEM_EXECUTE_OPTION_DISABLE;
+ status = pNtSetInformationProcess( GetCurrentProcess(), ProcessExecuteFlags, &val, sizeof val );
+ ok( status == STATUS_INVALID_PARAMETER, "got status %08x\n", status );
+
 memcpy(code_mem, ret, sizeof(ret));
 handler = pRtlAddVectoredExceptionHandler(TRUE, &dpe_handler);
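Review bot: The rejected-set check in test_dpe_exceptions only passes `MEM_EXECUTE_OPTION_DISABLE`, which asks for the state already in effect, so the request that matters for DEP, turning it off, is never exercised. Repeating the call with `val = MEM_EXECUTE_OPTION_ENABLE;` and the same `ok( status == STATUS_INVALID_PARAMETER, ... )` would cover it. A second `pNtQueryInformationProcess` after the failed set, asserting that `val` still reads back with `MEM_EXECUTE_OPTION_PERMANENT`, would also confirm the refusal left the flags untouched. The expected values are the 64-bit ones, so this assumes the function is built for 64-bit targets only, which the hunk does not show. The function body continues past the end of the hunk.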